ikolor wrote:next..f07a.rar content does not match to that you uploaded to VT.
https://www.virustotal.com/en/file/9a5e ... 476369947/
https://www.virustotal.com/en/file/09da ... 476366412/
VT upload suggest it is lnk file from Kovter infection.
Second file is SendSafeEnterprise spambot protected by primitive obfuscator or whatever and build with multiple usage of various open source crypto libraries.
https://www.virustotal.com/en/file/4fdc ... 476460086/
unpacked in attach.
Posts moved.
